DataQuest – a malicious Mac application that is typically installed via fake Flash updates
DataQuest is malware that delivers other unwanted software behind users' backs
DataQuest is an adware that reaches macOS users after they get tricked to install fake Flash Player updates or during the installation of unsafe applications from third-party sites. The app belongs to the prominent Adload campaign – an interconnected network of malicious apps that abuse a built-in AppleScript to deliver additional malicious payloads without user notification. As a result, victims' computers become more infected over time, and only proper computer cleaning can stop the background activities of the DataQuest virus.
Due to the stealthy activity of DataQuest and other applications that might have been inserted without permission, users might not notice the infection immediately. Nevertheless, some of the symptoms may be visible right away, such as modified web browser settings of Safari, Google Chrome, and Mozilla Firefox. As a result, users can face redirects to various scam sites, pop-up notifications from the macOS like “Utility will damage your computer,” increased amount of ads on all websites, a slowdown of the machine, suspicious extensions installed without permission, etc.
|Type||Mac virus, adware|
|Infiltration||Users might get infected with malware after being tricked by fake update prompts that are encountered on scam websites, or during the installation of freeware acquired from unsafe third-party websites|
|Symptoms||Symptoms of the infection might vary from person to person, although typical signs include unknown installed apps or/and extensions, slowdown of the web browser, redirects bring to unknown sites, ads show up on all visited websites, etc.|
|Risks||Installation of other malicious software without notification, unsolicited information gathering the background, financial losses due to unwanted activities|
According to Virus Total, DataQuest is detected under the following names:
|Malware termination||You can try to get rid of the infection manually, although moving suspicious apps to trash might not be enough, as you will have to find all the malicious files yourself. Instead, you can employ anti-malware software to get rid of malware automatically|
|Optimization||To speedup your macOS and get rid of junk files automatically, employ optimization tool Reimage Reimage Cleaner Intego|
Security researchers note that adware has been a growing threat to Mac users. According to experts' reports, Mac malware is now outpacing Windows infection rate,, and one of the major portions of the infections belongs to adware. While DataQuest can be considered as ad-supported software, its distribution and operation methods are much closer to those of malware.
The principle of DataQuest virus activity is very primitive – it is concentrating on delivering users ads, such as pop-ups, deals, offers, banners, in-text links, coupons, and other commercial content. While in some cases, these ads might be marked by an app or a service it is being delivered from, it is highly unlikely to see “Ads by DataQuest” or “Powered by DataQuest” or similar indicators.
When DataQuest is trying to display ads, it will attempt to connect to unknown domains in the background. This way, the pop-ups, and other ads can be called up when users are browsing the web. This activity may considerably slow down the web browser, and some websites may fail to load entirely. If the slowdowns continue after DataQuest removal, are probably low on space due to funk files – you can get rid of those with tools like Reimage Reimage Cleaner Intego.
Although the symptoms of DataQuest infection vary, you may see the following signs of the infection:
- Unknown browser extensions added on the web browser (often cannot be removed in a regular way);
- Scareware apps like Advanced Mac Cleaner or Mac Cleanup Pro installed on the system;
- The homepage, new tab address, and the search engine are set to something else;
- Browser redirects bring to scam, phishing, spoofing, fake update, and similar dangerous websites;
- Some websites might fail to load.
Besides these relatively obvious symptoms, there is a lot that the DataQuest adware can do in the background. One of the main activities that should be concerning is data gathering. Considering that the malware gains elevated permissions on the system, some of the browser extensions might be set to gather all the information you type into your web browser. Besides, adware also usually collects non-personally identifiable information as well, including the IP address, ISP, links clicked, sites visited, search queries, technical details, installed apps, etc.
DataQuest might insert intrusive advertisements on all visited websites and change web browser settings without permission
You should remove DataQuest from your machine as soon as possible, as its deceptive operation might lead to multiple severe consequences, including monetary loss, privacy issues, or even identity fraud. Keep in mind that the app might also be a sign that other threats are already present on the machine, including the notorious Shlayer Trojan.
Ways to recognize fake updates and other tips on how to avoid adware and malware on Macs
For many years, Mac power users and even IT experts claimed that Mac malware does not exist, and there is no need to employ any third-party security tools in order to protect it. According to them, the built-in defenses like GateKeeper and XProtect are more than enough – and they would be correct several years ago. Most of Mac malware nowadays utilize various techniques to bypass these defenses, such as using fake digital signatures that would circumvent GateKeeper's functionality. Additionally, users can always grant permission for malicious files to make changes to the system once they are tricked by a sophisticated phishing alert online.
Thus, it is important to know how Mac malware spreads in order to avoid it in the future. Two main methods are used by cybercriminals:
- Fake Flash updates. This technique is well-known to cybersecurity experts and many regular users, as it has been employed for years. Flash is a plugin that allowed multimedia to be delivered to users from various sites, and they would often see the “Flash required” prompts everywhere. While the technology was long replaced by HTML 5 in 2014, and practically all websites got rid of the flawed Flash Player. Nevertheless, because the plugin is so embedded in users' memories, they still believe that they need it. All in all: do not ever click on Flash update prompts on various sites, as they are fake, and you do not need the plugin as a regular user in the first place.
- Software bundles. Apple Store currently holds more than 1.8 million applications, so there is a good reason to limit downloads from there. Nevertheless, third-party sites often host installers that compile multiple programs – these are often deliberately hidden using various techniques, such as pre-ticked boxes, misleading deals, etc. Thus, always pick Advanced/Custom settings instead of Recommended/Quick ones and get rid of ticks that would otherwise allow the installation of media players, extensions, and other unwanted programs.
In most cases, users get infected with DataQuest malware after they get tricked by fake Flash Player update
Get rid of DataQuest malware
To remove the DataQuest virus from your machine, taking it to Trash will most likely not suffice. In some cases, you might not even find the app inside the Applications folder at all, as it can be functioning with the help of other persistence techniques. Some malicious files that are dropped on Mac can continue the unwanted activities even after the main app is terminated. Therefore, to get rid of the adware manually, you should also check the following locations for suspicious .plist and other files:
If you do not want to tamper with files inside your computer, you can perform automatic DataQuest removal with the help of security software. Simply download reputable anti-malware on your system and perform a full system scan – this will also eliminate all the underlying threats you might not be aware of. Finally, reset all the installed web browsers in order to eliminate unwanted browser extensions or settings.
You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.
To remove DataQuest, follow these steps:
Remove DataQuest from Mac OS X system
Get rid of DataQuest malware by following these steps:
If your macOS is displaying some infection symptoms, proceed with the following guide:
Remove DataQuest from Applications folder:
- From the menu bar, select Go > Applications.
- In the Applications folder, look for DataQuest-related entries.
- Click on the app and drag it to Trash (or right-click and pick Move to Trash)
To fully remove DataQuest, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:
- Select Go > Go to Folder.
- Enter /Library/Application Support and click Go or press Enter.
- In the Application Support folder, look for any dubious entries related to DataQuest and then delete them.
- Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the DataQuest-related entries.
Erase DataQuest from Mozilla Firefox (FF)
Remove dangerous extensions:
- Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
- Select Add-ons.
- In here, select plugins that are related to DataQuest and click Remove.
Clear cookies and site data:
- Click Menu and pick Options.
- Go to Privacy & Security section.
- Scroll down to locate Cookies and Site Data.
- Click on Clear Data…
- Select Cookies and Site Data, as well as Cached Web Content and press Clear.
In case DataQuest did not get removed after following the instructions above, reset Mozilla Firefox:
- Open Mozilla Firefox browser and click the Menu.
- Go to Help and then choose Troubleshooting Information.
- Under Give Firefox a tune up section, click on Refresh Firefox…
- Once the pop-up shows up, confirm the action by pressing on Refresh Firefox – this should complete DataQuest removal.
Uninstall DataQuest from Google Chrome
Delete malicious extensions from Google Chrome:
- Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
- In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to DataQuest by clicking Remove.
Clear cache and web data from Chrome:
- Click on Menu and pick Settings.
- Under Privacy and security, select Clear browsing data.
- Select Browsing history, Cookies and other site data, as well as Cached images and files.
- Click Clear data.
If the above-methods did not help you, reset Google Chrome to eliminate all the DataQuest-components:
- Click on Menu and select Settings.
- In the Settings, scroll down and click Advanced.
- Scroll down and locate Reset and clean up section.
- Now click Restore settings to their original defaults.
- Confirm with Reset settings to complete DataQuest removal.
Delete DataQuest from Safari
If you found unwanted browser extensions on Safari that you cannot get rid of – reset the browser:
Remove unwanted extensions from Safari:
- Click Safari > Preferences…
- In the new window, pick Extensions.
- Select the unwanted extension related to DataQuest and select Uninstall.
Clear cookies and other website data from Safari:
- Click Safari > Clear History…
- From the drop-down menu under Clear, pick all history.
- Confirm with Clear History.
Reset Safari if the above-mentioned steps did not help you:
- Click Safari > Preferences…
- Go to Advanced tab.
- Tick the Show Develop menu in menu bar.
- From the menu bar, click Develop, and then select Empty Caches.
Access your website securely from any location
When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.
The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login.
VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.
Recover files after data-affecting malware attacks
While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.
Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection.